White House cybersecurity advisor calls for public-private cooperation

By Michael S. Mimoso, Editor, Information Security magazine 22 Apr 2009 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Hathaway, acting senior director for cyberspace for the National Security and Homeland Security Councils, is thought to be a candidate for the national cyber advisor, a White House-level position that would oversee U.S. cybersecurity and institute the mechanisms for information security cooperation domestically and internationally.

SearchSecurity.com: To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

While short on details, Hathaway's 30-minute speech stressed the need for collaboration between the public and private sectors in securing cyberspace, and in turn the economy, civil infrastructure, public safety and national security.

"The White House must lead the way forward with leadership that draws upon the strength, advice and ideas of the entire nation," Hathaway said.

She stressed that the United States must ground itself as a leader in addressing vulnerabilities in cyberspace, and that no one government agency has a broad enough perspective to lead this effort. Hathaway's statements seemed to quash concerns that responsibility for cybersecurity would be handed over to the National Security Agency, reaffirming earlier statements made by director Lt. General Keith Alexander. The NSA chief told RSA Conference attendees a day earlier that the NSA had no interest in running cybersecurity for the country.

Hathaway added that the government must be vigilant in securing critical infrastructure, such as water, communications and the electrical grid. This also includes cooperation with the private sector, which designs, builds, owns and operates most of the infrastructure in use.

RSA Conference 2009 For all the latest news, podcasts and more direct from the show floor in San Francisco, visit our RSA Conference 2009 special news coverage page.

"The public and private sector's interests are intertwined with a shared responsibility for ensuring a secure, reliable infrastructure upon which businesses and government services depend," Hathaway said. "Information is key to preventing, detecting, responding to and recovering from cyber incidents. Again, this requires evolving our partnerships together.

"Government and industry leaders, both here and abroad, need to delineate roles and responsibilities, balance capabilities, and take ownership of the problem to develop holistic solutions."

Hathaway's report on the state of U.S. cybersecurity was delivered to President Barack Obama on Friday; she said the results should be made public in the coming days. Hathaway said the review touches on every facet of government networks, including the missions of computer network defense, law enforcement investigations, military and intelligence activities, and how those intersect with information assurance, counterintelligence, counterterrorism, telecommunications policies and general critical infrastructure protection.

Hathaway's team of government cybersecurity experts identified more than 250 needs, tasks and recommendations, she said. She also requested that government agencies identify new or existing requirements they may have. She added that her team connected with the security industry, academia, civil liberties and privacy entities, state governments and executive branches of government.

"Our outreach involved unprecedented transparency and engagement for a National Security Council initiative and having come from the private sector myself," Hathaway said, "I recognized it was vital to the review's overall success.".

During the Bush administration, Hathaway served as senior advisor to the Director of National Intelligence, John Michael McConnell, chaired several cybersecurity-related groups and helped develop the Comprehensive National Cybersecurity Initiative (CNCI). The CNCI plan is a $40 billion classified plan that has 12 components, including the Trusted Internet Connections (TIC) program. TIC's goal is to trim the number of connections from federal computer systems to outside networks from more than 4,000 to fewer than 100. The Einstein system, a network-monitoring tool used by DHS to monitor and analyze traffic moving through federal networks, is a key component of TIC.

Tags: Information Security Laws, Investigations and Ethics,  Security Industry Market Trends, Predictions and Forecasts,  Information Security Policies, Procedures and Guidelines,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Information Security Laws, Investigations and Ethics Melissa Hathaway urges more cooperation, government attention to cybersecurity Cybersecurity czar candidate questions clout of new position DHS fills National Cybersecurity Center post FTC shutters rogue ISP for hosting malicious content, botnets Experts optimistic of Obama cybersecurity plan WH cybersecurity plan needs private sector guidance Obama announces creation of cybersecurity coordinator position Cybersecurity Act of 2009: Power grab, or necessary step? Face-off: Who should be in charge of cybersecurity? Feds should get private sector advice on cybersecurity Security Industry Market Trends, Predictions and Forecasts SCADA system, critical infrastructure security lacking, survey finds Security architects fear savvy botnet attacks, IPv6 security issues Security compliance predictions for 2010: New regulations, new technology IAM trends: Rebuilding security with provisioning technologies Gartner acquires Burton Group, bolsters presence Securosis adds Security Incite, Rothman to its roster Five security industry themes to watch in 2010 How to advance in your infosec career in the current economic storm Top cybersecurity stories of 2009 Security industry praises Schmidt but sees challenges ahead Security Industry Market Trends, Predictions and Forecasts Research Information Security Policies, Procedures and Guidelines Schneier-Ranum face-off part 6: Audience questions Editor's Desk: Apathy and the Cybersecurity Coordinator Writing security policies using a taxonomy-based approach How to detect and respond to money laundering Health Net breach failure of security policy, technology How to protect distributed information flows Whitelists, SaaS modify traditional security, tackle flaws Melissa Hathaway urges more cooperation, government attention to cybersecurity Reuters: Obama ready to select cyber security czar How a corporate Twitter policy can combat social network threats

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary CALEA  (SearchSecurity.com) cyberstalking  (SearchSecurity.com) FERPA  (SearchSecurity.com) HSPD-7  (SearchSecurity.com) I-SPY Act  (SearchSecurity.com) Information Awareness Office  (SearchSecurity.com) intelligence community  (SearchSecurity.com) lawful interception  (SearchSecurity.com) lifestyle polygraph  (SearchSecurity.com) vulnerability disclosure  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary